An Introduction to Mobile Device Security

Authors

Abstract

Mobile devices capabilities have increased dramatically over the past years, allowing users to carry a sophisticated mix of computing power and connectivity options, in a diversity of convenient form-factors (e.g. wear- ables, smartphones, tablets). This evolution has made it possible for these devices to evolve beyond being simple tools, as they start fulfilling the role of the digital assistant in everyday tasks.

Undeniably, the acquisition of evolved interaction, communications and computing capabilities has made it possible for smartphones and modern tablet devices to perform increasingly complex tasks, giving way to new types of usage patterns. Consequently, as users increasingly rely on them to perform their daily leisure and work routines, the amount of information processed and stored through such devices is expanding.

Despite the myriad of mobile device uses, the information usage on such devices presents side-effects, especially, security-related effects. Mobile devices have become desirable targets for all sorts of malicious activities, which at- tempt to take advantage of their role and capabilities to perform a range of diverse attacks, such as information exfiltration, wiretapping or botnet/trojan infections.

Fighting these threats requires a joint effort between equipment, platform and service providers, applications’ developers, users and system administrators. For instance, developers need to be aware of the vulnerabilities and protection mechanisms available in mobile device Operating Systems, to take advantage of the best available practices to secure the information that applications handle and to protect the users’ privacy. In this line, this chapter presents and discusses several topics related to application and device security. It presents an overview of the fundamental concepts that can be used to achieve such goals and describes techniques that may be used to perform mo- bile device management, secure application development, and mobile device monitoring to prevent and mitigate several types of security issues.